« mai 2018 »
30 1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31 1 2 3


Sur ce site

Sur le Web du CNRS

Accueil du site > Séminaires et journées internes > Séminaires de CRYPTO > Séminaires CRYPTO 2017-2018

Séminaires CRYPTO 2017-2018



    • Vendredi 19 janvier 11:00-12:00 - Xavier Bonnetain - Inria Paris

      Quantum Key-Recovery on AEZ

      Résumé : AEZ is an authenticated encryption algorithm, candidate in the CAESAR competition. While some classical analysis on the algorithm have been published, the cost of these attacks is beyond the security claimed by the designers.
      In this talk, I’ll present how all the versions of AEZ are completely broken against a quantum adversary, using a generalisation of Simon’s quantum algorithm for period finding.

      Lieu : Bât. Descartes, Salle 301

    • Vendredi 2 février 11:00-12:00 - Anand Narayanan - LIP6

      Nearly linear time encodable codes beating the Gilbert-Varshamov bound

      Résumé : Error-correcting codes enable reliable transmission of information over an erroneous channel. One typically desires codes to transmit information at a high rate while still being able to correct a large fraction of errors. However, rate and relative distance (which quantifies the fraction of errors corrected) are competing quantities with a trade off. The Gilbert-Varshamov bound assures for every rate R, relative distance D and alphabet size Q, there exists an infinite family of codes with R + H_Q(D) >= 1-\epsilon. Constructing codes meeting or beating the Gilbert-Varshamov bound remained a long-standing open problem, until the advent of algebraic geometry codes by Goppa. In a seminal paper, for prime power squares Q ≥ 7², Tsfasman-Vladut-Zink constructed algebraic geometry codes beating the Gilbert-Varshamov bound. A rare occasion where an explicit construction yields better parameters than guaranteed by randomized arguments ! For codes to find use in practice, one often requires fast encoding and decoding algorithms in addition to satisfying a good trade off between rate and minimum distance. A natural question, which remains unresolved, is if there exist linear time encodable and decodable codes meeting or beating the Gilbert-Varshamov bound. In this talk, I shall present the first nearly linear time encodable codes beating the Gilbert-Varshamov bound, along with a nearly quadratic decoding algorithm. Time permitting, applications to secret sharing, explicit construction of pseudorandom objects and the like will also be discussed.
      The talk will be based on joint work with Matthew Weidner (Caltech). A preprint is available here

      Lieu : Bât. Descartes, Salle 301

    • Mardi 10 avril 14:00-15:00 - Ferdinand Sibleyras - Inria Paris

      The Missing Difference Problem, and its Applications to Counter Mode Encryption

      Résumé : The widely deployed counter mode (CTR) is known for its efficiency and simplicity as it comes with a security proof that guarantees no attack up to the birthday bound and a matching distinguishing attack. However, unlike in CBC mode, a ciphertext collision in CTR mode hardly reveals anything to the attacker. Therefore we define an algorithmic problem, the missing difference problem, and show how its resolution leads to a message recovery attack with complexity close to the birthday bound. As a further result efficiently solving this problem also allows to describe an universal forgery attack against polynomial MACs such as GMAC and Poly1305 in complexity Õ(2^(2n/3)).
      This is a joint work with Gaëtan Leurent.

      Lieu : Bât. Descartes, Salle 301

    • Mardi 17 avril 14:00-15:00 - Albrecht Petzoldt - UVSQ

      Improved Cryptanalysis of HFEv- via Projection

      Résumé : The HFEv- signature scheme is one of the most studied multivariate schemes and one of the major candidates for the upcoming standardization of post-quantum digital signature schemes. In this paper, we propose three new attack strategies against HFEv-, each of them using the idea of projection. Especially our third attack is very effective and is, for some parameter sets, the most efficient known attack against HFEv-. Furthermore, our attack requires much less memory than direct and rank attacks. By our work, we therefore give new insights in the security of the HFEv- signature scheme and restrictions for the parameter choice of a possible future standardized HFEv- instance.

Ajouter un événement iCal
Séminaire dédié à la cryptographie et à la sécurité informatique. Ce séminaire, ouvert à tous, a généralement lieu le vendredi matin de 11h à 12h en salle 301 du bâtiment Descartes.

Pour intervenir dans celui-ci, en présentant vos recherches ou vos développements industriels, veuillez contacter Luca De Feo.
Pour être tenu au courant des séances, veuillez vous inscrire à la liste de diffusion en visitant cette page.

Comment venir ?

Procédure pour les invités en mission